21 February 2021
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.
Heat – Trending Malware and Threat Actors
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| Silver Sparrow Malware |  |
 |
8 | 12 |
| Turla Spyware |  |
|
3 | 8 |
| Pirrit Adware | |
|
2 | 5 |
| APT1 Comment Crew | |
 |
2 | 4 |
| GoSearch22 | |
|
2 | 11 |
| APT10 | |
|
1 | 1 |
| Kasablanka | |
|
1 | 1 |
| WebMonitor RAT | |
|
1 | 3 |
| Anonymous Malaysia | |
|
1 | 1 |
| ElectroRAT | |
|
1 | 3 |
Data Breaches
Programming Interviews Exposed PDF #ArtificialIntelligence hxxps://www[.]programmers-books[.]com/programming-interviews-exposed/cybersecboardrm – Twitter – Feb 21 2021 04:30Programming Interviews Exposed PDF #ArtificialIntelligence hxxps://www[.]programmers-books[.]com/programming-interviews-exposed/
Millions of DMV records possibly exposed in breach – IT Security Guru hxxps://www[.]itsecurityguru[.]org/2021/02/19/millions-of-californian-dmv-records-possibly-exposed-in-breach/Securityblog – Twitter – Feb 20 2021 23:22Millions of DMV records possibly exposed in breach – IT Security Guru hxxps://www[.]itsecurityguru[.]org/2021/02/19/millions-of-californian-dmv-records-possibly-exposed-in-breach/
The Hydra Darkweb Market Operators Might Have Been ExposedTechNadu – Feb 20 2021 11:03Someone has published the identities of two Ukrainian men who are allegedly behind the Hydra market. Gemini Advisory has dived deeper into the evidence and can confirm that at least one of the two is strongly linked. The tipster claims to have extorted…
How @Kodak Exposed The Atomic Bomb hxxps://youtu[.]be/7pSqk-XV2QMCephurs – Twitter – Feb 20 2021 16:56How @Kodak Exposed The Atomic Bomb hxxps://youtu[.]be/7pSqk-XV2QM
Hacker Groups
Not long until InfoSec has its monthly meltdown about Nicole Perlroth existing, despite reporting on the industry since APT1. hxxps://twitter[.]com/GossiTheDog/status/1363076037177995264/photo/1GossiTheDog – Twitter – Feb 20 2021 10:40Not long until InfoSec has its monthly meltdown about Nicole Perlroth existing, despite reporting on the industry since APT1. hxxps://twitter[.]com/GossiTheDog/status/1363076037177995264/photo/1
The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=f28c4150-73f2-11eb-ae29-002590a5ba2d #jakpost #microsoftanon_indonesia – Twitter – Feb 21 2021 03:14The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=f28c4150-73f2-11eb-ae29-002590a5ba2d #jakpost #microsoft
RT @0xthreatintel: INTL: APT10 aka [ Cicada ] targets Japan Linked Orgs Worldwide.
Blog: hxxps://symantec-enterprise-blogs[.]security[.]com/blogs/threat-intelligence/cicada-apt10-japan-espionage
#threatintel #APT10 #Cicada . hxxps://twitter[.]com/0xthreatintel/status/1329438244572893186/photo/1
Securityblog – Twitter – Feb 20 2021 21:19RT @0xthreatintel: INTL: APT10 aka [ Cicada ] targets Japan Linked Orgs Worldwide.Blog: hxxps://symantec-enterprise-blogs[.]security[.]com/blogs/threat-intelligence/cicada-apt10-japan-espionage
#threatintel #APT10 #Cicada ….
In this week’s Threat Report: US charges Lazarus Group members for global cyber attacks and financial crimes hxxps://www[.]ncsc[.]gov[.]uk/report/weekly-threat-report-19th-february-2021 hxxps://twitter[.]com/NCSC/status/1363037678451720193/photo/1ncsc – Twitter – Feb 20 2021 08:08In this week's Threat Report: US charges Lazarus Group members for global cyber attacks and financial crimes hxxps://www[.]ncsc[.]gov[.]uk/report/weekly-threat-report-19th-february-2021 hxxps://twitter[.]com/NCSC/status/1363037678451720193/photo/1
Malware
Silver Sparrow, a new malware infects Mac systems using Apple M1 chipSecurity Affairs – Feb 20 2021 14:09Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using…
“It checks for the presence of ~/Library/._insu on disk and if the file is present Silver Sparrow removes all of its components…The ._insu file [however] does not appear present by default on macOS, and we currently don’t know the circumstances under which the file appears”KimZetter – Twitter – Feb 20 2021 22:05"It checks for the presence of ~/Library/._insu on disk and if the file is present Silver Sparrow removes all of its components…The ._insu file [however] does not appear present by default on macOS, and we currently don’t know the circumstances…
Mysterious Silver Sparrow Malware Found Nesting on 30K MacsMalwareTips.com – Feb 20 2021 16:09A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide — but it’s unclear why. Hard on the heels of a macOS adware being recompiled to… Click to expand……
New malware found on 30,000 Macs has security pros stumpedArs Technica Risk Assessment – Feb 20 2021 15:10…
Vulnerabilities
Smart doorbells and cameras are loaded with dumb software flaws hxxps://www[.]cyberscoop[.]com/geeni-merkury-smart-doorbells-cameras-flaws-research/CyberScoopNews – Twitter – Feb 20 2021 21:48Smart doorbells and cameras are loaded with dumb software flaws hxxps://www[.]cyberscoop[.]com/geeni-merkury-smart-doorbells-cameras-flaws-research/
A (fixed) software flaw could have allowed spies to spy on gather conversatioanl data from:
– eHarmony
– Plenty of Fish
– MeetMe
– Talkspace
hxxps://www[.]cyberscoop[.]com/flaw-agora-video-calling-software-eavesdroppers/CyberScoopNews – Twitter – Feb 20 2021 19:30A (fixed) software flaw could have allowed spies to spy on gather conversatioanl data from:
– eHarmony
– Plenty of Fish
– MeetMe
– Talkspace
hxxps://www[.]cyberscoop[.]com/flaw-agora-video-calling-software-eavesdroppers/
– eHarmony
– Plenty of Fish
– MeetMe
– Talkspace
hxxps://www[.]cyberscoop[.]com/flaw-agora-video-calling-software-eavesdroppers/CyberScoopNews – Twitter – Feb 20 2021 19:30A (fixed) software flaw could have allowed spies to spy on gather conversatioanl data from:
– eHarmony
– Plenty of Fish
– MeetMe
– Talkspace
hxxps://www[.]cyberscoop[.]com/flaw-agora-video-calling-software-eavesdroppers/
RT @sec715: WTF CVE-2018-12613 🙄🙄 hxxps://twitter[.]com/sec715/status/1363098709915963395/photo/1Securityblog – Twitter – Feb 20 2021 21:18RT @sec715: WTF CVE-2018-12613 🙄🙄 hxxps://twitter[.]com/sec715/status/1363098709915963395/photo/1
On the importance of continuity in fuzzing – CVE-2020-28362 (Ethereum security critical DOS bug) hxxps://www[.]reddit[.]com/r/netsec/comments/lmokm5/on_the_importance_of_continuity_in_fuzzing/Dinosn – Twitter – Feb 20 2021 18:24On the importance of continuity in fuzzing – CVE-2020-28362 (Ethereum security critical DOS bug) hxxps://www[.]reddit[.]com/r/netsec/comments/lmokm5/on_the_importance_of_continuity_in_fuzzing/
Ongoing Campaigns
RT @kmkz_security: WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/xanda – Twitter – Feb 20 2021 08:04RT @kmkz_security: WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/xanda – Twitter – Feb 20 2021 08:04RT @kmkz_security: WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
TDoS attacks could cost lives, warns FBI Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals The post TDoS attacks could cost lives, warns FBI appeared first on WeLiveSecurity hxxps://bit[.]ly/3ug2gqc hxxps://twitter[.]com/InfoSecHotSpot/status/1363136617356091395/photo/1InfoSecHotSpot – Twitter – Feb 20 2021 14:41TDoS attacks could cost lives, warns FBI Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals The post TDoS attacks could cost lives, warns FBI appeared first on WeLiveSecurity…
Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals. Find out in our newest blog. 👇
hxxps://bit[.]ly/37vTeeVESET – Twitter – Feb 20 2021 08:41Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals. Find out in our newest blog. 👇
hxxps://bit[.]ly/37vTeeV
hxxps://bit[.]ly/37vTeeVESET – Twitter – Feb 20 2021 08:41Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals. Find out in our newest blog. 👇
hxxps://bit[.]ly/37vTeeV
New Phishing Attack Identified: Malformed URL PrefixesMalwareTips.com – Feb 20 2021 19:16New Phishing Attack Identified: Malformed URL Prefixes – GreatHorn The GreatHorn Threat Intelligence Team has identified a new email attack trend, where cybercriminals are able to bypass traditional URL defenses to attack end users. Read how phishing…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
